One technique used in computer/network security auditing and administration is to attempt to find information about remote computers. For example, by sequentially sending requests to connect to the ports of a target computer, an administrator can discover which ports are listening, and what services are being offered via those ports. If the target computer is owned or managed by the administrator, this information can help the administrator confirm that only approved services are being provided, and that those services are up-to-date and not otherwise vulnerable to attacks. Tasks such as performing network inventory and monitoring the uptime of network nodes are also typically performed using scanning techniques.
In some cases, such as when an attack is being perpetrated by a remote computer against a managed node, the administrator of the managed node may attempt to learn more information about the attacking computer by performing assorted scans—for example to help stop the attack, or to document information useful to law enforcement. Unfortunately, attackers typically attempt to conceal information about their own systems to help evade detection.
Therefore, an ongoing need to be able to determine attributes of target computers exists.